When I’m on social networking sites, and I see friends who are using features like the Facebook Friend Finder, here’s what I send them, privately…

Hi ,

I saw your post about using the Friend Finder. There are a couple of risks in using features of sites like Facebook, where they ask for your email address and password so they can “Find your friends”.

What the site will do is log in to your Yahoo (or whatever) email account and start searching through all your contacts for email address that match ones of other members. They may say they do this safely, but I don’t recommend giving your password from one site to another site.

They don’t actually guarantee that your password won’t be lost or abused.

They also have exposure to “all” your email contacts, and while they “say” they won’t send email without your permission, they won’t guarantee it either.

So, if a hacker breaks their security (and Facebook is a BIG target for hackers), then your email account (and if you’ve used the same password for other sites, them too) could be used in Identity Theft, and your email contacts could all start receiving dangerous spam that might lead to their identities being stolen.

I might be a bit paranoid, but I’d just like to see you avoid future annoyances and embarrassment.

I am now offering monthly briefings, tailored to organizations that want to build and sustain security awareness for staff. Just because your security team is too busy to do its own training and awareness doesn’t mean you can’t have an economical way to address human security risks. Please call or email me at the coordinates below…